88 Commits

Author SHA1 Message Date
Felix Yan
82ebddca00 Fix compatibility issue in 5.3
The offending entry point object looks like:
EntryPoint(name='compute', value='openstackclient.compute.client',
group='openstack.cli.base')

Story: 2007917
Task: 40323
Change-Id: I0f3cc62e23efdc14203ce6645581d5ba5dbf7fa0
2020-07-14 08:06:55 -05:00
Doug Hellmann
870cf01148 switch to stevedore for entry points
Importing pkg_resources scans every installed distribution to find
all of the entry points. Stevedore is adding a new caching layer using
importlib.metadata, which will not.  Switching to the stevedore should
eventually speed up load times, especially for command line apps. This
change makes the switch now to ensure API compatibility.

We were already using stevedore for tests, so this moves the dependency
from test-requirements.txt to requirements.txt and raises the minimum
version to something more recent.

Change-Id: I3e3632783bc745979b6db73e610df8a77ffaceb0
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
2020-07-06 08:44:31 -04:00
Dean Troyer
1b2595a959 Remove code migrated to osc-lib long ago
* Remove openstackclient.api.utils and use osc_lib.api.utils
* Remove openstackclient.common.clientmanager.ClientManager.auth_ref
* Remove openstackclient.common.commandmanager

Change-Id: I67e1dbc53cc0b37967c0011bcb2fc09bdef62d94
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
2019-05-16 19:19:58 -05:00
Jude Cross
24b06ef273 Fix limits show command without Nova and Cinder
This patch implements an endpoint lookup when showing limits. This
addresses the issue when showing limits without both Nova and Cinder
and will display limits if one is missing.

Change-Id: I2214b281e0206f8fe117aae52de2bf4c4e2c6525
Closes-bug: #1707960
2018-04-03 00:47:00 -07:00
Hongbin Lu
7ef2867ff6 Replace %r with %s on printing string variable
Change-Id: Idd8c15255f024bba7079d3a9a29545dec0c91b58
2017-11-13 15:23:16 +00:00
Hongbin Lu
599fa78262 Be robust on import plugin module
On loading external plugin, OSC should be robust on importing the
plugin module so that commands from other modules can continue to
execute.

Closes-Bug: #1722008
Change-Id: Ibe716681c7f78fabee31b7ef281af2588d68ab30
2017-10-07 17:07:24 -04:00
Akihiro Motoki
f3bbf52b3c Use flake8-import-order plugin
In reviews we usually check import grouping but it is boring.
By using flake8-import-order plugin, we can avoid this.
It enforces loose checking so it sounds good to use it.
This flake8 plugin is already used in tempest.

Note that flake8-import-order version is pinned to avoid unexpected
breakage of pep8 job.

Setup for unit tests of hacking rules is tweaked to disable
flake8-import-order checks. This extension assumes an actual file exists
and causes hacking rule unit tests.

Change-Id: I12b596820727aeeb379bee16c2bc993dee9eb637
2017-08-17 06:55:00 +00:00
Dean Troyer
ef99f44462 Improve no-auth path
The commands that do not require authentication sometimes still need
to call ClientManager.is_network_endpoint_enabled() to see if Neutron
is available.  Optimize the paths a bit to skip auth when it is not
necessary; the upshot is Neutron will be assumed in these cases now.

This gets a LOT cleaner when it appears is a future osc-lib.

Change-Id: Ifaddc57dfa192bde04d0482e2cdcce111313a22a
2017-04-24 18:57:10 -05:00
Dean Troyer
46b8cad4c3 Clean up password prompt work-arounds
osc-lib 1.2 is minimum and now handles the password prompting.

Change-Id: Ie11ad64796d3a89c7396b321c34947d622d1ed39
2017-04-05 13:54:08 -05:00
Rui Chen
4d9da2c40a Fix OSC networking commands help errors
OSC networking commands need to authenticate to get
service catalog, then decide to show nova-network or
neutron command help message. Fake token and fake
auth_type in prepare_to_run_command() casue os-cloud-config
use AdminToken auth plugin, but pass all the auth information
(include: username, password and so on) to it, that casue the
class initialization error. Pop the fake token and url, then
try to load auth plugin again to fix the issue.

Change-Id: I8b140f0b0a60681fc2a35a013bb0c84ff8cb9589
Closes-Bug: #1650026
2017-01-22 06:30:31 +00:00
Dean Troyer
14dbfe4474 Defer auth prompting until it is actually needed
Auth option prompting happens waaaay to early in the default
os-client-config flow, we need to defer it until adter the commands
have been parsed.  This is why ClientManager.setup_auth() exists,
as it is not called until the first attempt to connect to a server
occurs.  Commands that do not require authentication never hit this.

Also, required options were not being enforced.  By doing this we handle
when no authentication info is present, we fail on missing auth-url rather
than attempt to prompt for a password (default auth is password).

Closes-Bug: 1619274
Change-Id: Ia4eae350e6904c9eb2c8507d9b3429fe52418726
2016-09-08 10:31:13 -05:00
Dean Troyer
84c83fc3ae Provide fallback prompt function for current osc-lib
Leaving the pw_func uninitialize in osc-lib turned out to be a
bad idea as the test to prompt in setup_auth() doesn't check
for a callback of None.

Also, release note

Change-Id: I8f875fa8a942d02a040238359ee22c603a4e5956
2016-08-29 19:22:06 -05:00
Dean Troyer
bec206fa0a Fix auth prompt brokenness
We start by fixing this in the already-present OSC_Config class so OSC
can move forward.  This change needs to get ported down into
os-client-config in the near future, maybe even soon enough to make the
client library freeze this week.

* Add the pw-func argument to the OSC_Config (or OpenStackConfig) __init__()
* When looping through the auth options from the KSA plugin look for any
  that have a prompt defined and do not have a value already, so ask for one.

Closes-bug: #1617384
Change-Id: Ic86d56b8a6844516292fb74513712b486fec4442
2016-08-29 11:58:49 -05:00
Dean Troyer
6a15f90dae osc-lib: shell
Convert to using ClientManager and OpenStackShell from osc-lib.
* Change all internal uses of ClientManager private attributes that are
  now public in osc-lib's ClientManager.  Leave back-compat copies in
  place in OSC's clientManager so we don't break plugins.
* Put some work-arounds in place for changes in osc-lib that we need until
  a new release makes it through the g-r and u-c change process.
* Add a test for Unicode decoding of argv in shell.main() to parallel
  the one in osc-lib.

Change-Id: I85289740d4ca081f2aca8c9b40ec422ad25d302c
2016-08-05 13:48:55 -05:00
Dean Troyer
0bc2d83f68 Remove temporary code in ClientManager
This effectively reverts https://review.openstack.org/#/c/341618/.

Change-Id: Ic8e53e17b4a5352b0c00e39bcb5d248b057540a9
2016-07-25 14:55:33 -05:00
Dean Troyer
f38c51c1b9 Rework clientmanager
* Add compatibility for plugin v2 interface removed from osc-lib
* ClientManager.is_network_endpoint_enabled() is wrapper for
  new is_service_available()

Change-Id: I6f26ce9e4d0702f50c7949bacfbeeb0f98cddb5d
2016-07-22 20:49:18 +00:00
Dean Troyer
067647b6a4 Temp work around for missing select_auth_plugin()
These were removed prematurely from osc-lib (by me) but the real fix in
https://review.openstack.org/329189 is having racy functional test issues
that may be related to osc-lib, so let's clear this up while we fix that...

Change-Id: I8f67466967751fdf6fd24ae1b16ccee2aec52323
2016-07-13 10:33:19 -05:00
Dean Troyer
d324530532 osc-lib: api.auth
Move auth plugin checking to osc-lib.

Change-Id: I673d9c2d6e8bbf724c3000459a729e831d747814
2016-06-30 08:57:59 -05:00
Alvaro Lopez Garcia
099a2c38b9 Refactor setting defaults for some scope parameters
The code is setting defaults for some scope parameters, cheking if the
name ends with some specific substring (namely ending in "password")
causing failures in some plugins that end with the same string, but do
not allow those parameters (like "user_domain_id" in "v3oidcpassword").

Closes-Bug: #1582774
Change-Id: Id7036db3b783b135353d035dc4c1df7c808d6474
2016-06-21 08:55:30 +02:00
Dolph Mathews
fe0c8e955b Do not prompt for scope options with default scoped tokens
This changes the scope validation to occur after a token has already
been created.

Previous flow:

1. Validate authentication options.
2. Validate authorization options if the command requires a scope.
3. Create a token (using authentication + authorization options)
4. Run command.

This means that scope was being checked, even if a default scope was
applied in step 3 by Keystone.

New flow:

1. Validate authentication options.
2. Create token (using authentication + authorization options)
3  Validate authorization options if the command requires a scope and
   the token is not scoped.
4. Run command.

Change-Id: Idae368a11249f425b14b891fc68b4176e2b3e981
Closes-Bug: 1592062
2016-06-17 12:37:15 -04:00
Dean Troyer
d20c863ebc osc-lib: exceptions
Use osc-lib directly for exceptions.

Leave openstackclient.common.exceptions for deprecation period.

Change-Id: Iea3e862302372e1b31ccd27f69db59b4953ca828
2016-06-13 10:50:01 -05:00
Navid Pustchi
6ae0d2e8a5 Moving authentication from keystoneclient to keystoneauth
Currently OpenStackClient uses keystoneclient for authentication.
This change will update OpenStackClient to use keystoneauth for
authentication.

All dependant test have been updated.

Updating how auth_ref is set in the tests to use KSA fixtures had
some racy side-effects.  The user_role_list tests failed when they
picked up an auth_ref that was a fixture.  This exposed a weakness
in ListUserRole that needed to be fixed at the same time re
handling of unscoped tokens and options.

Change-Id: I4ddb2dbbb3bf2ab37494468eaf65cef9213a6e00
Closes-Bug: 1533369
2016-06-09 18:00:40 +02:00
Hieu LE
b8432408e6 Ignore domain related config when using with keystone v2
Currently, "/usr/bin/openstack --insecure token issue"
fails when OS_AUTH_URL and OS_IDENTITY_API_VERSION
indicate keystone v2 if OS_PROJECT_DOMAIN_NAME or
OS_USER_DOMAIN_NAME are set. This patchset ignore domain
related configs if using with keystone v2 and print warning
for each ignored config.

Change-Id: I8afbda787df7855c3f8e868b0f07cbf3b9cd97fd
Closes-bug: #1447704
2016-05-09 12:29:44 +07:00
Hieu LE
59de9c477c Ignore domain related config when using with keystone v2
Currently, "/usr/bin/openstack --insecure token issue"
fails when OS_AUTH_URL and OS_IDENTITY_API_VERSION
indicate keystone v2 if OS_PROJECT_DOMAIN_NAME or
OS_USER_DOMAIN_NAME are set. This patchset ignore domain
related configs if using with keystone v2.

Change-Id: If7eea2ed1a4877c60d055ed0114a5e5f31e282a0
Closes-bug: #1447704
2016-05-06 03:42:15 +00:00
Tim Burke
926330d372 Propagate AttributeErrors when lazily loading plugins
Previously, if an AttributeError was raised in a plugin's make_client
method, the plugin simply wouldn't be an attribute of the ClientManager,
producing tracebacks like

Traceback (most recent call last):
  File ".../openstackclient/shell.py", line 118, in run
    ret_val = super(OpenStackShell, self).run(argv)

  ...

  File ".../openstackclient/object/v1/container.py", line 150, in take_action
    data = self.app.client_manager.object_store.container_list(
  File ".../openstackclient/common/clientmanager.py", line 66, in __getattr__
    raise AttributeError(name)
AttributeError: object_store

This made writing minimal third-party auth plugins difficult, as it
obliterated the original AttributeError.

Now, AttributeErrors that are raised during plugin initialization will
be re-raised as PluginAttributeErrors, and the original traceback will
be preserved. This gives much more useful information to plugin
developers, as in

Traceback (most recent call last):
  File ".../openstackclient/shell.py", line 118, in run
    ret_val = super(OpenStackShell, self).run(argv)

  ...

  File ".../openstackclient/object/v1/container.py", line 150, in take_action
    data = self.app.client_manager.object_store.container_list(
  File ".../openstackclient/common/clientmanager.py", line 57, in __get__
    err_val, err_tb)
  File ".../openstackclient/common/clientmanager.py", line 51, in __get__
    self._handle = self.factory(instance)
  File ".../openstackclient/object/client.py", line 35, in make_client
    interface=instance._interface,
  File ".../openstackclient/common/clientmanager.py", line 258,
  in get_endpoint_for_service_type
    endpoint = self.auth_ref.service_catalog.url_for(
PluginAttributeError: 'NoneType' object has no attribute 'url_for'

Change-Id: I0eee7eba6eccc6d471a699a381185c4e76da10bd
2016-04-14 21:12:35 -07:00
Cedric Brandily
3a8320a1d7 Support client certificate/key
This change enables to specify a client certificate/key with:
 * usual CLI options (--os-cert/--os-key)
 * usual environment variables ($OS_CERT/$OS_KEY)
 * os-client-config

Change-Id: Ibeaaa5897ae37b37c1e91f3e47076e4e8e4a8ded
Closes-Bug: #1565112
2016-04-06 20:21:19 +02:00
Tang Chen
fc24f37ae2 Trivial: Remove useless return
If a function returns nothing, do not add return in the end.

Change-Id: I298b8717462f68d3076a1619d674775be2a94c42
2016-03-07 17:54:06 +08:00
Brandon Palm
f49f0fead2 Fixed a bunch of spacing
Nothing too complicated here.  I fixed a bunch of spacing issues
that I saw in OSC.

Change-Id: I935ab48e7c5bac5f88ecdb3a05f73fb44fc9f41d
2016-02-23 10:38:58 -06:00
ting.wang
e2158b7ef4 Clean redundant argument to dict.get
`dict.get()` returns `None` by default, if a key wasn't found.
Removing `None` as second argument to avoid redundancy.

Change-Id: Ia82f7469cd019509bbeccbfe54b15eeedc7bb6ea
2016-02-21 13:21:31 +08:00
Jenkins
867bcb0db8 Merge "Support unscoped token request" 2016-02-21 04:31:51 +00:00
ting.wang
5a978b9ec1 Replace string format arguments with function parameters
There are files containing string format arguments inside logging messages.
Using logging function parameters should be preferred.

Change-Id: I15b405bf4d4715263fe1e1262982467b3d4bc1f4
Closes-Bug: #1321274
2016-02-20 14:16:25 +08:00
guang-yee
41e1bd0be6 Support unscoped token request
Make scope check optional for the "token issue" command as unscoped token is
a valid Keystone V2/V3 API.

Change-Id: Ie1cded4dbfdafd3a78c0ebdf89e3f66762509930
Closes-Bug: #1543214
2016-02-19 16:07:13 -08:00
Richard Theis
57dac0bc3a Refactor network endpoint enablement checking
Move the network endpoint enablement checking from the 'server create'
command to the common client manager. This allows future network
commands to use either nova or neutron networking based on the cloud
environment.

This patch set also includes related unit test enhancements to the
common client manager to trigger authentication on the tests.

Change-Id: Ia37e81d4fb05a1e2fceb3e5d367bda769ab8e64b
Related-Bug: #1519511
Related-to: blueprint neutron-client
2016-01-04 13:49:49 -06:00
lin-hua-cheng
f0a81c284d Mask the sensitive values in debug log
Change-Id: I0eb11a648c3be21749690f079229c8e63a678e6c
Closes-Bug: #1501598
2015-10-12 16:55:48 -07:00
Jenkins
9c492b742d Merge "Add plugin interface version" 2015-07-29 15:46:34 +00:00
TerryHowe
43942871a9 Add configuration show command
Create a `configuration show` command that displays the current
configuration of the CLI.  Different configurations can be
displayed using options such as --os-cloud.  Passwords and
tokens are redacted by default unless the --unmask
option is specified.

Closes-Bug: #1476729

Change-Id: I0792365d0c5fa526cd09c0ed88c6bb1e2cb813a7
2015-07-23 13:00:59 -06:00
Dean Troyer
15fe0fae17 Add plugin interface version
External plugins need to know which plugin interface is being
used by the host OSC.  Releases <1.6 (?) will not have a
version defined.

Plugins can add the following to their make_client() to discover
the interface version:

    _plugin_interface_version = getattr(
        instance,
        "PLUGIN_INTERFACE_VERSION",
        None,
    )

Change-Id: Ifc0f40fec5bc27f6425139984936b7f6e032a580
2015-07-22 11:06:41 -05:00
Jenkins
bbe71eb9a3 Merge "Rename endpoint type to interface" 2015-07-17 13:55:47 +00:00
TerryHowe
36391a81a3 Rename endpoint type to interface
Change-Id: I4e21d09bc747e8210f4f79a1d6c4c7ccf2f25d1c
Closes-Bug: #1454392
2015-07-15 10:11:59 -06:00
TerryHowe
ef0cf00b33 Fix interactive password prompt
Change-Id: Ie0e7a9cd6016b5c646a111a76e8372e10602a25c
Closes-Bug: #1473862
2015-07-13 07:44:24 -06:00
Jenkins
ee64c2fa6b Merge "Add --os-endpoint-type cli optional argument" 2015-07-03 02:48:47 +00:00
Roxana Gherle
5521e4c504 Add --os-endpoint-type cli optional argument
User should be able to specify the endpoint type through
a CLI optional argument/ENV variable setting. We will name this new
optional argument: --os-endpoint-type (Env: OS_ENDPOINT_TYPE) and
based on the value given, the service API will use that specific
endpoint type. Possible values: public, admin, internal.

DocImpact
Closes-Bug: #1454392
Change-Id: Ife3d4e46b44c0ddcd712b1130e27e362545a9a29
2015-07-02 10:10:46 -07:00
Steve Martinelli
aac0d588bd Skip trying to set project_domain_id if not using password
This is already fine for user_domain_id, and needs to be replicated
for project_domain_id. Also added more logging.

Change-Id: I3fa8f29edb3fc430d453bd0fc835312c0c8401f4
2015-06-11 02:43:57 -04:00
Jamie Lennox
3ae247fdce Set tenant options on parsed namespace
Because of the way OSC registers all plugins together we end up
with os-tenant-X parameters being saved to the project-X attribute after
parsing. If you are using the v2 plugins directly then they and os-client-config
expect the tenant_X values and will assuming no scoping information if
they are not present.

Validating options for scope will also fail in this situation, not just
because the resultant auth dictionary is missing the tenant-X
attributes, but because OSC validates that either project or domain
scope information is present.

Fix this by just always setting the v2 parameters if the v3 parameters
are present. This will have no effect on the generic or v3 case but fix
the v2 case.

Expand validation to include the tenant options so it knows that v2
plugins are scoped.

Change-Id: I8cab3e423663f801cbf2d83106c671bddc58d7e6
Closes-Bug: #1460369
2015-05-31 15:03:42 +10:00
Roxana Gherle
c126a2ae56 Send the correct user-agent to Keystone
When we execute an Openstack CLI command, keystone should log in
Keystone access log that the user-agent that made the request was
'python-openstackclient' instead of the default 'python-keystoneclient'.
Therefore, when we create the authentication session we
need to send the explicit user-agent.

Closes-Bug: #1453995

Change-Id: I75087fd4bb1ff1e6f2a911bc70bf8008268276bb
2015-05-11 17:00:39 -07:00
Dean Troyer
5649695c65 Add --os-cloud support
This adds a new option --os-cloud that allows the configuration values
for multiple clouds to be stored in a local file and selected with
a single option.

Internal option names have had 'os_' removed to be comptible with
the options returned from OpenStackConfig().get_one_cloud().

The config file is ~/.config/openstack/clouds.yaml:

Sample
------
clouds:
  devstack:
    auth:
      auth_url: http://192.168.122.10:35357/
      project_name: demo
      username: demo
      password: 0penstack
    region_name: RegionOne
  devstack:
     auth:
       auth_url: http://192.168.122.10:35357/
       project_name: demo
       username: demo
       password: 0penstack
     region_name: RegionOne

Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I4939acf8067e44ffe06a2e26fc28f1adf8985b7d
Depends-On: I45e2550af58aee616ca168d20a557077beeab007
2015-04-18 23:04:51 -05:00
Dean Troyer
0d689871b4 Fix session timing
Subclass keystoneclient.session.Session to add the timing hooks to
record the elapsed time returned by requests.Response objects, including
the redirection history.  Redirects are included individually and not
rolled into the total time for the original request.

This works for all clients that use OSC's session.

Closes-Bug: #1402577
Change-Id: I9360c90c151579b89a37edb8c11c17feb15b3cb9
2015-04-07 23:53:31 -07:00
Jenkins
2f4cfb6cd5 Merge "Move OSC auth plugins so they can be found" 2015-03-10 05:37:41 +00:00
Dean Troyer
749920bc65 Move OSC auth plugins so they can be found
The plugin detection at the top of openstackclient.api.auth did not
detect the plugins at the bottom of that file because, surprise,
they had not been declared yet so the entry points were ignored.

Move both plugin subclasses into openstackclient.api.auth_plugin.

Fix a problem with the password callback that was otherwise made
worse with this change.

Closes-Bug: 1428912
Change-Id: Idc3b72534071e0013c8922884a8bc14137509a0f
2015-03-10 03:16:12 +00:00
Jamie Lennox
47977fcc32 Raise AttributeError for unknown attributes
Not returning a value is the same as returning None. In the event that
someone asks ClientManager for an attribute that doesn't exist it should
raise AttributeError in the same way as other python objects rather
than return an empty value.

Change-Id: Id0ee825e6527c831c38e3a671958ded362fb96e1
2015-03-05 23:40:26 -08:00